Attack on the firewall

Michal Rysavy mrysavy at trask.cz
Fri Jul 20 19:59:18 CEST 2001


After turning on iptables logging, the following keeps appearing in /etc/messages:

"IPTABLES-SPOOF:"IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:30:4f:07:14:70:08:00
SRC=192.168.1.1 DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0x00 TTL=128
ID=44373 PROTO=UDP SPT=68 DPT=67 LEN=308
"IPTABLES-SPOOF:"IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:30:4f:07:14:70:08:00
SRC=192.168.1.1 DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0x00 TTL=128
ID=44629 PROTO=UDP SPT=68 DPT=67 LEN=308
"IPTABLES-SPOOF:"IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:30:4f:05:ef:b4:08:00
SRC=10.0.0.2 DST=255.255.255.255 LEN=271 TOS=0x00 PREC=0x00 TTL=128 ID=3773
PROTO=UDP SPT=68 DPT=67 LEN=251
"IPTABLES-SPOOF:"IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:30:4f:05:ef:b4:08:00
SRC=10.0.0.2 DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0x00 TTL=128 ID=4029
PROTO=UDP SPT=67 DPT=68 LEN=308

where eth0 is the external network card (to the Internet); we do not use the
IP ranges 10.x.x.x and 192.168.x.x anywhere, and we do not use bootp either
(we use DHCP and the IP range 125.1.1.x).
It is definitely not coming from the internal network (tested by disconnecting
the internal network card).
I believe this is an attack, but I cannot understand why the source address of
the bootp requests is not 0.0.0.0 and why the router in front of the firewall
lets these packets through (the source address belongs to internal networks
and, above all, the destination is 255.255.255.255). If anyone could advise me
what can be done about this, I would be grateful.

Regards, Michal Rysavy
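
Added example, not part of the original post: a small Python parser for the netfilter LOG lines quoted above. It unpacks the MAC= field (destination MAC, source MAC, EtherType) and groups the UDP 67/68 broadcasts by sending Ethernet address, a first triage step for finding which device on the eth0 segment emits them. The function names are this example's own; the sample lines are taken from the post with the e-mail wrapping undone.

```python
import ipaddress
import re
from collections import defaultdict

# Log lines from the post above, with the e-mail line wrapping undone.
SAMPLE = [
    '"IPTABLES-SPOOF:"IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:30:4f:07:14:70:08:00 '
    'SRC=192.168.1.1 DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0x00 TTL=128 '
    'ID=44373 PROTO=UDP SPT=68 DPT=67 LEN=308',
    '"IPTABLES-SPOOF:"IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:30:4f:05:ef:b4:08:00 '
    'SRC=10.0.0.2 DST=255.255.255.255 LEN=271 TOS=0x00 PREC=0x00 TTL=128 ID=3773 '
    'PROTO=UDP SPT=68 DPT=67 LEN=251',
    '"IPTABLES-SPOOF:"IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:30:4f:05:ef:b4:08:00 '
    'SRC=10.0.0.2 DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0x00 TTL=128 ID=4029 '
    'PROTO=UDP SPT=67 DPT=68 LEN=308',
]

FIELD = re.compile(r"(\w+)=(\S*)")

def parse(line):
    """Split one LOG-target line into fields and unpack the MAC= header."""
    fields = {}
    for key, value in FIELD.findall(line):
        fields.setdefault(key, value)  # keep the first LEN (IP), not the UDP one
    octets = fields["MAC"].split(":")  # dst MAC (6) + src MAC (6) + EtherType (2)
    fields["DST_MAC"] = ":".join(octets[0:6])
    fields["SRC_MAC"] = ":".join(octets[6:12])
    fields["ETHERTYPE"] = "".join(octets[12:14])
    return fields

def classify(f):
    """Name the DHCP/BOOTP direction from the UDP port pair."""
    ports = (int(f["SPT"]), int(f["DPT"]))
    if f["PROTO"] != "UDP" or ports not in ((68, 67), (67, 68)):
        return "other"
    return "client request" if ports == (68, 67) else "server reply"

def summarize(lines):
    """Group (source IP, private range?, L2 broadcast?, kind) by sending MAC."""
    seen = defaultdict(set)
    for f in map(parse, lines):
        private = ipaddress.ip_address(f["SRC"]).is_private
        bcast = f["DST_MAC"] == "ff:ff:ff:ff:ff:ff"
        seen[f["SRC_MAC"]].add((f["SRC"], private, bcast, classify(f)))
    return dict(seen)

if __name__ == "__main__":
    for mac, rows in summarize(SAMPLE).items():
        print(mac, sorted(rows))
```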



